[RADIATOR] SSL Error in PEAP conversation

Heikki Vatiainen hvn at open.com.au
Fri Sep 14 15:42:30 CDT 2012


On 09/14/2012 07:16 PM, Johnson, Neil M wrote:

> I have a wireless user who a few times a day gets asked to re-enter his
> credentials on his Windows 7 system.  After he re-enters his credentials
> he reconnects fine.  I look in the RADIUS logs and see:
> 
> Mon Sep 10 17:06:58 2012 757006: ERR: EAP PEAP TLS Handshake
> unsuccessful:  4076: 1 - error:14094417:SSL
> routines:SSL3_READ_BYTES:sslv3 alert illegal parameter
> 
> I don't have any more verbose logging at this time (the user is out of
> the office this week), but I was wondering if anyone else had seen this
> error message before.

I have seen that just a couple of times but certainly not very often.
A Trace 4 log would be useful to see what happens during the TLS tunnel setup.

There's one PEAP related fix in 4.10 patches. What you see may be
related to PEAP fast reconnect aka session resumption. The patch fixes
problems with Windows clients.

The problem does not cause the error you are seeing so it may be related
to some other client. However, if you can apply the patch, it might be
worth trying.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
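
Added example (not part of the original message and not Radiator code): a small decoder for the OpenSSL error code in the log line quoted above. It assumes the pre-3.0 OpenSSL error packing (8-bit library, 12-bit function, 12-bit reason); the function name `decode_openssl_error` and the second sample line are made up for illustration.

```python
import re

# Assumption: pre-3.0 OpenSSL error packing, 8-bit library | 12-bit function | 12-bit reason.
ERR_LIB_SSL = 0x14
SSL_AD_REASON_OFFSET = 1000  # SSL reasons above this carry a TLS alert received from the peer

# Subset of TLS alert descriptions (RFC 5246, section 7.2).
TLS_ALERTS = {
    10: "unexpected_message", 20: "bad_record_mac", 40: "handshake_failure",
    42: "bad_certificate", 47: "illegal_parameter", 48: "unknown_ca",
    70: "protocol_version", 80: "internal_error",
}

ERR_RE = re.compile(r"error:([0-9A-Fa-f]{8}):([^:]*):([^:]*):(.*)")


def decode_openssl_error(line):
    """Return the unpacked OpenSSL error found in a log line, or None."""
    m = ERR_RE.search(line)
    if m is None:
        return None
    code = int(m.group(1), 16)
    lib, func, reason = code >> 24, (code >> 12) & 0xFFF, code & 0xFFF
    alert = None
    if lib == ERR_LIB_SSL and reason > SSL_AD_REASON_OFFSET:
        alert = reason - SSL_AD_REASON_OFFSET
    return {
        "lib": lib, "func": func, "reason": reason,
        "peer_alert": alert,
        "peer_alert_name": TLS_ALERTS.get(alert),
        "text": m.group(4).strip(),
    }


# The log line from the message above, unwrapped onto one line, plus one
# constructed line without an OpenSSL error.
SAMPLE_LOG = [
    "Mon Sep 10 17:06:58 2012 757006: ERR: EAP PEAP TLS Handshake unsuccessful:  "
    "4076: 1 - error:14094417:SSL routines:SSL3_READ_BYTES:sslv3 alert illegal parameter",
    "Mon Sep 10 17:07:03 2012 112233: INFO: Access accepted for user (constructed sample line)",
]

if __name__ == "__main__":
    for entry in SAMPLE_LOG:
        print(decode_openssl_error(entry))
```

For the logged code, reason 1047 is the alert offset 1000 plus TLS alert 47 (illegal_parameter), raised in SSL3_READ_BYTES, which means the alert was received by the server's OpenSSL, i.e. sent by the client.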

